HPE Community
Operating System - HP-UX
1761375 Members
3871 Online
108901 Solutions
New Discussion юеВ

how to store passwd in shell scripts

 
SOLVED
Go to solution
David Greenberg_3
New Member

тАО01-12-2004 12:03 AM

тАО01-12-2004 12:03 AM

how to store passwd in shell scripts

I need to create some shell scripts that will have FTP username and password info. I know this is not secure, but I dont know what alternatives there are for me. I'm ready to explain the security risks to my users, but want to have some options besides:
1. "You have to type the passwd each time you run the script", and 2.
"The password is in a world readable file, say goodbye to all security."

Do I have any other options?

TIA
0 Kudos
Reply
10 REPLIES 10
G. Vrijhoeven
Honored Contributor

тАО01-12-2004 12:08 AM

тАО01-12-2004 12:08 AM

Re: how to store passwd in shell scripts

Hi Tia,

The alternative is called scp.
check:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=350906

Gideon

0 Kudos
Reply
Sanjay Kumar Suri
Honored Contributor

тАО01-12-2004 12:09 AM

тАО01-12-2004 12:09 AM

Re: how to store passwd in shell scripts

Check the thread.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=350906
sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
0 Kudos
Reply
Vijaya Kumar_3
Respected Contributor

тАО01-12-2004 12:17 AM

тАО01-12-2004 12:17 AM

Solution

Re: how to store passwd in shell scripts

To pass user names and passwords to FTP program, there is a way using .netrc file. This file should exist with file permission 600 in your home directory.
Syntax:

machine login password

When you use ftp command, this will check this file and authnticated.

Also, you can go for exchanging public keys in SCP.

-Thanks
Vijay
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Reply
Elmar P. Kolkman
Honored Contributor

тАО01-12-2004 12:22 AM

тАО01-12-2004 12:22 AM

Re: how to store passwd in shell scripts

Try not to do it with passwords in scripts or .netrc files. If a user can login to the server and the file is readable... but you know the risks.

If you don't want to install additional software, you could use rcp. You don't need passwords, just the correct .rhosts file on the remote machine.

If you can install additional software, or have it already installed, install ssh and use scp or sftp. The above thread contains a configuration document in SEP's response.
Every problem has at least one solution. Only some solutions are harder to find.
Reply
Geoff Wild
Honored Contributor

тАО01-12-2004 12:51 AM

тАО01-12-2004 12:51 AM

Re: how to store passwd in shell scripts

You can use .netrc - just make sure the file is 400 and owned by root.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Mic V.
Esteemed Contributor

тАО01-18-2004 03:56 PM

тАО01-18-2004 03:56 PM

Re: how to store passwd in shell scripts

I've successfully used mail to transfer information between systems. I write a program (generally Perl) to "catch" the data on the target system and use an alias in /etc/mail/aliases:

myalias: |/usr/local/bin/myprogram

to strip the headers and do something with the data that was sent to it.

The advantages IMO are that it's audited (look at /var/adm/syslog/mail.log) and seems more reliable (it queues when a host is down instead of going into the bit bucket). A disadvantage is that by default it's plain text, but so is FTP. :)

Mic
What kind of a name is 'Wolverine'?
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

тАО01-18-2004 05:42 PM

тАО01-18-2004 05:42 PM

Re: how to store passwd in shell scripts

Geoff, sorry to disagree, but the .netrc should not be owned by root, but by the user running ftp and be located in his/her homedirectory... And some FTP servers also request a homedirectory not writable by others.

As for the mail variant: you can use any encryption algorithm on the data transferred you like. There are no passwords in it, only the send-script and receive-script (or better, program) need to know how to en- and decrypt the data. So it might be a good solution. And if you configure the receive script as mail-filter in your aliases file, the mail is processed the moment it comes in, so you don't have to schedule and poll for new mail...
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
David Greenberg_3
New Member

тАО01-21-2004 02:18 AM

тАО01-21-2004 02:18 AM

Re: how to store passwd in shell scripts

Hello and Thanks for your ideas.
There were more passwords involved than I mentioned in my original message. I have decided to secure the script with SUDO.

Thank you for all your help.
0 Kudos
Reply
Donny Jekels
Respected Contributor

тАО01-21-2004 03:33 AM

тАО01-21-2004 03:33 AM

Re: how to store passwd in shell scripts

use ssl encrytpion. or shoot your programmer.
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.